CVE-2022-49072

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition issue exists due to the exposure of GPIO chip irq members before they are fully initialized. This can lead to a kernel NULL pointer dereference, as observed with the gc->irq.domain variable accessed through the I2C interface in gpiochip to irq() before initialization by gpiochip add irqchip(). The issue is related to the gpiochip to irq() function and the gc->irq.domain variable.

Recommendations To resolve this issue, restrict the usage of GPIO chip irq members before they are completely initialized. As a temporary workaround, consider disabling the gpiochip to irq() function until a patch is available. Additionally, restrict access to the gc->irq.domain variable to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.